package com.lzd.framework.springsecurity.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
@EnableAuthorizationServer
public class MyAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private AuthorizationServerTokenServices myTokenServices;

    @Autowired
    private TokenEnhancer tokenEnhancer;

    @Autowired
    private UserDetailsService userDetailsService;
    
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                .tokenStore(tokenStore)
                .tokenEnhancer(tokenEnhancer)
                // refresh_token需要userDetailsService
                .reuseRefreshTokens(false)
                .userDetailsService(userDetailsService);
        endpoints.tokenServices(myTokenServices);
    }
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer
                // 开启/oauth/token_key验证端口无权限访问
                .tokenKeyAccess("permitAll()")
                // 开启/oauth/check_token验证端口认证权限访问
                .checkTokenAccess("isAuthenticated()");
                //允许表单提交
//                .allowFormAuthenticationForClients()
//                .checkTokenAccess("isAuthenticated()");                
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    	// NOTICE 此处MyAuth2ServerConfig 可能有问题
        clients.inMemory()
                .withClient("client-baidu")       //client端唯一标识
                    .secret(passwordEncoder.encode("client-baidu-secret")) //客户端的密码，这里的密码应该是加密后的
                    .authorizedGrantTypes("authorization_code")        //授权模式标识
                    .scopes("read_user_info")    //作用域
                    .resourceIds("baidu-Resourceid") //资源id
                    .redirectUris("http://www.baidu.com"); //回调地址，这个地址是第三方的地址
                    //后续，第三方应该使用本处返回的code，使用/oauth/token?+客户id+客户密码，来获取token
    }
}